package com.yjh.auth.config;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.yjh.auth.common.handler.WechatLoginSuccessHandler;
import com.yjh.auth.service.SysUserDetailsService;
import com.yjh.auth.wechat.WechatAuthenticationFilter;
import com.yjh.auth.wechat.WechatSecurityConfigurer;
import lombok.SneakyThrows;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
import org.springframework.context.annotation.Primary;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

@Primary
@Order(80)
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private ObjectMapper objectMapper;

    @Autowired
    private ClientDetailsService clientDetailsService;

    @Lazy
    @Autowired
    private AuthorizationServerTokenServices defaultAuthorizationServerTokenServices;


    @Autowired
    private WechatSecurityConfigurer wechatSecurityConfigurer;

    @Autowired
    private SysUserDetailsService SysUserDetailsService;


    @Override
    public void configure(WebSecurity web) throws Exception {
        // 将 check_token 暴露出去，否则资源服务器访问时报 403 错误
        web.ignoring().antMatchers("/oauth/check_token");
    }



    @Bean
    PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

    @Bean
    @Override
    @SneakyThrows
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return  super.authenticationManagerBean();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
//        http.requestMatchers().anyRequest()
//                .and()
//                .authorizeRequests()
//                .antMatchers("/oauth/**").permitAll();

        http
//			.formLogin()
//			.loginPage("/token/login")
//			.loginProcessingUrl("/token/form")
//			.and()
                .authorizeRequests()
                .antMatchers(
                        "/token/**",
                        "/actuator/**",
                        "/mobile/**",
                        "/wechat/token/**").permitAll()
                .anyRequest().authenticated()

//                .and().csrf().disable()
//                .apply(mobileSecurityConfigurer())
//                .and()
//                .authorizeRequests()
//                .antMatchers(
//                        "/psw/mobile/**").permitAll()
//                .anyRequest().authenticated()
//                .and().csrf().disable()
//                .apply(mobilePswSecurityConfigurer())
//                .and()
//                .authorizeRequests()
//                .antMatchers(
//                        "/wechat/token/**").permitAll()
//                .anyRequest().authenticated()
//                .and().csrf().disable()
//                .apply(wechatSecurityConfigurer());
//
				.and()
				.authorizeRequests()
				.antMatchers(
						"/wechat/**").permitAll()
				.anyRequest().authenticated()
				.and().csrf().disable()
				.apply(wechatSecurityConfigurers());

    }

    @Bean
    public AuthenticationSuccessHandler wechatLoginSuccessHandler() {
        return WechatLoginSuccessHandler.builder()
                .objectMapper(objectMapper)
                .clientDetailsService(clientDetailsService)
                .passwordEncoder(passwordEncoder())
                .defaultAuthorizationServerTokenServices(defaultAuthorizationServerTokenServices).build();
    }

    @Bean
    public WechatSecurityConfigurer wechatSecurityConfigurers() {
        WechatSecurityConfigurer wechatSecurityConfigurer = new WechatSecurityConfigurer();
        wechatSecurityConfigurer.setWechatLoginSuccessHandler(wechatLoginSuccessHandler());
//        wechatSecurityConfigurer.setUserDetailsService(userDetailsService);
        return wechatSecurityConfigurer;
    }
}
